From 39f75cddff74c0ae4bb617f56845646345c2b15e Mon Sep 17 00:00:00 2001
From: Moul <moul@moul.re>
Date: Fri, 2 Oct 2020 20:26:21 +0200
Subject: [PATCH] [fix] #89: Use new permission system

Use ynh_permission_* helpers
Keeping BMA accessible to visitors
and Duniter admin interface accessible to the selected admin
Remove deprecated permission system settings
---
 scripts/functions.sh | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/scripts/functions.sh b/scripts/functions.sh
index 50247f6..280937a 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -31,17 +31,22 @@ CONFIGURE_DUNITER () {
 }
 
 CONFIG_SSOWAT () {
-	# Add admin to the allowed users
-	yunohost app addaccess $app -u $admin
+	# Protect senstive sub-routes to Duniter web admin interface, give access to choosen admin
+	if ! ynh_permission_exists --permission "admin"; then
+		ynh_permission_create --permission "admin" --url "/webui","/webmin" --allowed "$admin"
+	fi
 
-	# Protect senstive sub-routes
-	ynh_app_setting_set "$app" protected_uris "/webui","/webmin"
-
-	# Duniter is public app, with only some parts restricted in nginx.conf
-	ynh_app_setting_set "$app" unprotected_uris "/","/modules"
+	# Add access to BMA
+	ynh_permission_update --permission main --add visitors
 
 	# Set URL redirection from root to webadmin
 	ynh_app_setting_set "$app" redirected_urls "{'$domain/':'$domain/webui'}"
+
+	# Remove deprecated permission system settings
+	if [ ! -z "$(ynh_app_setting_get --app=$app --key=protected_uris)" ]; then
+		ynh_app_setting_delete --app=$app --key=protected_uris
+		ynh_app_setting_delete --app=$app --key=unprotected_uris
+	fi
 }
 
 CONFIG_NGINX () {